-
-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OEM reownership required changes for QubesOS certification of the X230 #551
OEM reownership required changes for QubesOS certification of the X230 #551
Conversation
- OEM is enforced by touching /boot/oem - OEM can be provisioned automatically if /media/oem-provisioning exists which feeds all the secrets automatically. - LUKS rencryption script added, which reencrypts and change Disk Recevory Key passphrase - LibremKey/Nitrokey factory reset script added, which takes user input first and then change key size, generate keys, exports them and flash rom. -Todo: Reset code should be added later on. (To unlock Admin. Else, a DoS is possible on a USB key) - Contains uniformaization of langage. - some shellcheck improved code - LUKS Disk Unlock Key works properly -LVM volumes and disk devices are automatically detected - GPG modules were retouched to remove invalid configure options which generated warnings - LibremKey/Nitrokey is named everywhere for proper credit of partnership for HOTP ... And a lot of other smaller fixes...
6a0ecc3
to
42a0146
Compare
- OEM is enforced by touching /boot/oem - OEM can be provisioned automatically if /media/oem-provisioning exists which feeds all the secrets automatically. - LUKS rencryption script added, which reencrypts and change Disk Recevory Key passphrase - LibremKey/Nitrokey factory reset script added, which takes user input first and then change key size, generate keys, exports them and flash rom. -Todo: Reset code should be added later on. (To unlock Admin. Else, a DoS is possible on a USB key) - Contains uniformaization of langage. - some shellcheck improved code - LUKS Disk Unlock Key works properly -LVM volumes and disk devices are automatically detected - GPG modules were retouched to remove invalid configure options which generated warnings - LibremKey/Nitrokey is named everywhere for proper credit of partnership for HOTP ... And a lot of other smaller fixes...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The main things were the small branding correction, not using "|| die" so much in GUI scripts, and moving the oem functions possibly into their own /etc/functions-oem file that's sourced by gui-init instead of having them all be inside gui-init.
could you also add documentation on why we have OEM mode and what it does exactly? thanks! |
@merge you're right. Editing OP. |
-remove die calls in whiptail reported cases which are handled anyway -move oem functions into etc/functions to have a cleaner gui-init
- fix regression : putting back possibility to set a default boot option without having to seal it in TPM. - Verified all possibilities: without sealing in TPM, going back to set a new default sealed, and going back once again to reuse past used configured devices.
…or on console when not existing
… and why /media/oem-provisioning values are used in each stage
@merge : if you have any comment, you are more then welcome! |
…under etc/functions and sourced by those scripts
…only when board "CONFIG_OFFER_TPM_LUKS_DISK_UNLOCK_KEY=y" is defined
…of CONFIG_OFFER_TPM_LUKS_DISK_UNLOCK_KEY The librem boards defaults to CONFIG_OFFER_TPM_LUKS_DISK_UNLOCK_KEY=n since they rely on LUKS being released with GPG QubesOS will support that feature when dom0 will be bumped to version 29, since cryptsetup needs to be upgraded to support that.
…branch to protect them from being corrupted between boards.
…D. The default code path should still works if no encrypted partition is found
… Reset Librem Key/Nitrokey Pro v2 GPG Card + keygen + flash
…-staging_rebase_master_PR Fix ofr fedora-29 pinentry build, supressing gtk and gnome3 support
…ware generated and supposed to be kept.
@@ -30,19 +30,12 @@ gpg2_configure := ./configure \ | |||
--disable-regex \ | |||
--disable-doc \ | |||
--disable-bzip2 \ | |||
--disable-asm \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All gpg and gpg requirements undefined options have been removed.
…enforcing Disk Unlock Key passphrase
…-staging_rebase_master_PR Includes MrChromebook changes from his branches HOTP and small_fixes
…g having been corrected and upstreamed.
…G Admin PIN/HOTP doesn't require to not have space anymore)
Certified. |
@merge @flammit @kylerankin @osresearch: will you approve this PR or shall I maintain it seperatly in my gitlab account? Sent from my Galaxy S3 using FastHub-Libre |
@merge @flammit @kylerankin @osresearch @marmarek The PrivacyBeast_X230_QubesOS_Certified protected branch won't be updated for the next year, following QubesOS certification's public announcement. Technology preview - Walktrough videos:
If you see anything ugly, now would be a good time to speak! |
Fixes needed to be done on the stable branch to fix sdcard issues only showing when attempting to reencrypt sdcard content (resulting in IO errors on some cards of the same brand but not others... sdhci-pci and mmc being involved in the problem) This implied upgrading the kernel to latest LTS. Commits onward are here CI builds attempts are happening here |
Most of the work here has been upstreamed. Missing if anyone wants to upstream:
Will be done soon:
|
The main goal behind this OEM Reownership Wizard is to be able to ship QubesOS or any other OS preinstalled into LUKS encrypted containers, without compromising user's confidentiality, privacy nor security, while enforcing tamper-evidence (provable security) of the firmware and /boot components in transit and at rest, without giving the OEM a possibility to hand those out to third parties.
With Heads measured boot through TOTP/HOTP integrity seals, preinstalled QubesOS trusted hardware shipped with QubesOS can now become a reality. This PR is the last step before QubesOS certifies the PrivacyBeast x230 laptop, by Insurgo Technologies Libres / Open technologies (This is me! Hello! :) )
The OEM flashes Heads, neutralizes ME and reboots. He is asked to insert his public GPG key, which he does with his own dedicated deployment public key associated with his deployment Nitrokey/Librem Key. On reboot, he is asked to reown the TPM, which will trigger HOTP/TOTP resealing from a prompted menu. The OEM has to make sure that the system clock is good and correct GMT time accordingly before going further. (Make sure RTC clock battery is good).
He then boots pre-signed clonezilla or other ISO image with his deployment Nitrokey/Librem Key and reimages the HD with an up-to-date QubesOS disk image, signs boot config files and then fires the reownership wizard, wth a brand new Librem Key/Nitrokey conected, for that hardware secrets to be unique. To do so he creates a /boot/oem file, which when dropped into place invokes the OEM reownership wizard.
That wizards looks for an existing /media/oem-provisining file, that if present, automagically provision Heads prompts to reencrypt LUKS container, change LUKS associated passphrase, factory resets connected Librem Key/Nitrokey and define user and admin PINS injects associated public key into running rom, and ends by reowning the TPM. EDIT: if file is present but doesnt contain required secrets, the user is prompted to fill them with autogenerated passphrases, or he can manually select one, while the screen is filled with diceware words to choose from.
Then the OEM boots QubesOS, syncs system time. Then go into recovery, and finally recreates the /boot/oem for the user to use the same process. That is the last step done by the OEM before shipping the devices separately/altogether. The next reboot invokes the reownership for the user to do the exact same steps described above when the hardware is received, with a a user provided /media/oem-provisioning file or manually entering secrets into prompts. In either way, the OEM needs to provide the Actual Disk Receovery Key by secured communication channels so the user can reown his computer upon reception.
See video here.
The /media/oem-provisioning file can be automatically generated by a script to provision Heads required secrets from the OEM wizard.
The OEM shares used oem-provision file to the user by secured communication channel, accompanied with a screen capture of the TOTP QR code printed on the screen after TPM reset has been accomplished. The user can already scan that TPMTOTP code in his smartphone's OTP application to attest that the laptop has not been tampered with in transit, while thinking about the secrets he will feed to the new hardware when received, let it be manually or through /media/oem-provisioning.
The OEM reownership wizard explains the steps to the user through whiptail messages, the onboarding one being:
Details of this PR. Evolution of #511
which feeds all the secrets automatically.
OEM features:
Additions:
... And a lot of other smaller fixes...
Sent from my Galaxy S3 using FastHub-Libre